The fix for the EMC Documentum Content Server vulnerability as highlighted in CVE-2014-2513 appears to be partial and still exploitable via slightly modified means.
e93c2829969b19c504cd3f1c57ed73580f7207de2859d1e952e49e3a60186fc8
A proof of concept has been released that bypasses the fix for the original finding regarding an incorrect optimization in BytecodeGenerator::emitGetByVal in WebKit JSC.
424b380e7d3c1cbc0226f7a72afefbd2fcb4158f18e5251ba138a6ab2b914b5b
Ubuntu Security Notice 3199-2 - USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This update retains the fix for the vulnerability but issues a warning rather than throwing an exception. Code which produces this warning should be updated because future versions of the Python Cryptography Toolkit re-introduce the exception. Various other issues were also addressed.
ffdcb4098907eacbe478078964c23d7b8fe357a3fb8a5cf606b1d9935d33f913
EMC Documentum Content Server suffers from an arbitrary code execution vulnerability.
c2bedfbc57a00c51150a01873bae989bcc87b6d4e0f981bb7614f0a531896758
EMC Documentum Content Server suffers from a privilege escalation vulnerability.
80285eb669610b3c918abc9181df00a398f6734029af4b07e148e171da2b1654
A vulnerability exists in the EMC Documentum Content Server which allows an authenticated user to elevate privileges, hijack Content Server filesystem, or execute arbitrary commands by creating malicious dm_job objects. Although ESA-2014-105 claimed to remediate this issue, it persists.
c2fab15b7849733e911e9d40873b3af36fa3fddd78061a30c82067805f9a0abd
Red Hat Security Advisory 2015-0776-01 - Docker is a service providing container management on Linux. It was found that the fix for the CVE-2014-5277 issue was incomplete: the docker client could under certain circumstances erroneously fall back to HTTP when an HTTPS connection to a registry failed. This could allow a man-in-the-middle attacker to obtain authentication and image data from traffic sent from a client to the registry.
b89975366ee6328c10cdb0972ba6d35579d720825039dd0de3a5990c71892d7a
Debian Linux Security Advisory 2857-1 - It was discovered by the Spring development team that the fix for the XML External Entity (XXE) Injection (CVE-2013-4152) in the Spring Framework was incomplete.
9c12097cfb875c61fce6e20b552e7f5f7b025cc8d7ef5982a220e834a33b1796
The fix for the XXE injection vulnerability in Spring's framework was incomplete when addressing the issue outlined in CVE-2013-4152. Versions affected include Spring MVC 3.0.0 to 3.2.4 and Spring MVC 4.0.0.M1 to 4.0.0.RC1.
173314b9e0698f8b4a1f988549c3ab83bb9af713cd2cc7374742743449dc9f25
Red Hat Security Advisory 2013-1076-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was discovered that the fix for the CVE-2013-1619 issue released via RHSA-2013:0636 introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS.
e514c34f443c7c63e0a1cb1c40019ce86c10b07bf91c91138fe0259c0e5141ac
A bug exists in the processing of the output length of an HMAC-based XML Signature that would cause a denial of service when processing specially chosen input. Exploitation of this issue does not require authenticated content. In very unusual cases, inputs could be chosen in such a way that the fix for the issue in CVE-2009-0217 could be bypassed, enabling improper verification of a signature. Versions prior to 1.7.1 are affected.
4ed699c9710bffc9e07a34e7f30bd97e55b2305af63662dc2f499d685d727662
Red Hat Security Advisory 2013-0883-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that the fix for the CVE-2013-1619 issue released via RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS. Users of GnuTLS are advised to upgrade to these updated packages, which correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted.
985b08bb5e85e3bdab1ce08986444bf23688b3dd64bb4f77591741bf2232aaad
Red Hat Security Advisory 2013-0121-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. It was found that the fix for the CVE-2009-4030 issue, a flaw in the way MySQL checked the paths used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives when the "datadir" option was configured with a relative path, was incorrectly removed when the mysql packages in Red Hat Enterprise Linux 5 were updated to version 5.0.95 via RHSA-2012:0127. An authenticated attacker could use this flaw to bypass the restriction preventing the use of subdirectories of the MySQL data directory being used as DATA DIRECTORY and INDEX DIRECTORY paths. This update re-applies the fix for CVE-2009-4030.
17e3f371b831fa444dc7ad24136681e62ffa7eaa676fa8fdb0919f28a0afef0a
Mandriva Linux Security Advisory 2009-030 - Data length values in the metadata of Audible Audio media files (.aa) can lead to an integer overflow, which remote attackers can use to trigger a heap overflow and possibly execute arbitrary code. Failure to check heap allocation on Audible Audio media files (.aa) allows remote attackers to either cause a denial of service or execute arbitrary code via a crafted media file. This update provides the fix for these security issues. Packages for 2008.0 are being provided due to extended support for Corporate products.
9e38ac57b978f81b9a736dd76fb0aa10e2d398eee8cbab2106dee52124428a27
Mandriva Linux Security Advisory 2009-026-1 - phpMyAdmin suffered from cross site scripting, cross site request forgery, and SQL injection vulnerabilities. This update provides the fix for these security issues. The previous update packages weren't signed; this time they are.
cb03b4a7f45f173639487a0d4ba5713cd6777f5c6fad1c3fcf62282aa78368ca
Mandriva Linux Security Advisory 2009-030 - Data length values in the metadata of Audible Audio media files (.aa) can lead to an integer overflow, which remote attackers can use to trigger a heap overflow and possibly execute arbitrary code. Failure to check heap allocation on Audible Audio media files (.aa) allows remote attackers to either cause a denial of service or execute arbitrary code via a crafted media file. This update provides the fix for these security issues.
2448fae9480dabfbee30745fd109ad6366e611bdd9d4839b93e762b8fd443e63
Mandriva Linux Security Advisory 2009-006 - A heap-based overflow in the functions that manipulate WMF and EMF files in OpenOffice.org documents enables remote attackers to execute arbitrary code via documents holding certain crafted WMF or EMF files. This update provides the fix for these security issues; in addition, the openoffice.org-voikko package has been updated, as it depends on the openoffice.org packages.
764b243a216d03ac1b187c250cae6ce495eea4fbd2df074611469d3ca0e9551b
l0phtl0phe-kid.c - Easy antisniff v1.02 exploit. l0pht messed up the fix for their problem in antisniff by not regarding the type signedness properties of the char and int values used, resulting in a cool method of bypassing the extra length + strncat checks. This version has been made easy enough for script kiddies to use - to avoid that "doesn't work" lamer claim.
bd31032131862d82287cf734e1ae6420cdb563449a5eb13f9c348e7266dd300d
l0phtl0phe.c - antisniff exploit (1.02 included). l0pht messed up the fix for their problem in antisniff by not regarding the type signedness properties of the char and int values used, resulting in a cool method of bypassing the extra length + strncat checks.
936d433c03025bd9a3d606c0f3d43a479b07e715b0201d0e5f316e3adcac8c05